001 //$$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/portal/standard/security/control/LogoutListener.java $$ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 Department of Geography, University of Bonn 006 and 007 lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. Klaus Greve 030 Postfach 1147, 53001 Bonn 031 Germany 032 http://www.geographie.uni-bonn.de/deegree/ 033 034 e-mail: info@deegree.org 035 ----------------------------------------------------------------------------*/ 036 package org.deegree.portal.standard.security.control; 037 038 import java.io.InputStreamReader; 039 import java.io.Reader; 040 import java.net.URL; 041 042 import javax.servlet.http.HttpServletRequest; 043 import javax.servlet.http.HttpSession; 044 045 import org.deegree.enterprise.control.AbstractListener; 046 import org.deegree.enterprise.control.FormEvent; 047 import org.deegree.enterprise.control.RPCMethodCall; 048 import org.deegree.enterprise.control.RPCWebEvent; 049 import org.deegree.framework.log.ILogger; 050 import org.deegree.framework.log.LoggerFactory; 051 import org.deegree.framework.util.CharsetUtils; 052 import org.deegree.framework.util.NetWorker; 053 import org.deegree.framework.xml.NamespaceContext; 054 import org.deegree.framework.xml.XMLTools; 055 import org.deegree.i18n.Messages; 056 import org.deegree.ogcbase.BaseURL; 057 import org.deegree.ogcbase.CommonNamespaces; 058 import org.deegree.ogcwebservices.OWSUtils; 059 import org.deegree.portal.Constants; 060 import org.deegree.portal.context.GeneralExtension; 061 import org.deegree.portal.context.ViewContext; 062 import org.w3c.dom.Document; 063 064 /** 065 * Listener class for handling logout from iGeoPortal standard edition 066 * 067 * @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a> 068 * @author last edited by: $Author: mschneider $ 069 * 070 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $ 071 */ 072 public class LogoutListener extends AbstractListener { 073 074 private static ILogger LOG = LoggerFactory.getLogger( LogoutListener.class ); 075 076 private static final NamespaceContext nsContext = CommonNamespaces.getNamespaceContext(); 077 078 /** 079 * performs a login request. the passed event contains a RPC method call containing a sessionID 080 * 081 * @param event 082 */ 083 @Override 084 public void actionPerformed( FormEvent event ) { 085 RPCWebEvent re = (RPCWebEvent) event; 086 087 if ( !validateRequest( re ) ) { 088 String s = Messages.getMessage( "IGEO_STD_SEC_INVALID_LOGOUT" ); 089 LOG.logDebug( s ); 090 return; 091 } 092 093 String user = null; 094 try { 095 user = performLogout( re ); 096 } catch ( Exception e ) { 097 gotoErrorPage( e.toString() ); 098 LOG.logDebug( e.getMessage(), e ); 099 return; 100 } 101 102 // write request parameter into session to reconstruct the search form 103 HttpSession session = ( (HttpServletRequest) this.getRequest() ).getSession( true ); 104 session.removeAttribute( "SESSIONID" ); 105 getRequest().setAttribute( "USER", user ); 106 107 } 108 109 /** 110 * validates the passed event to be valid agaist the requirements of the listener (contains user 111 * name and password) 112 * 113 * @param event 114 * @return boolean 115 */ 116 private boolean validateRequest( RPCWebEvent event ) { 117 RPCMethodCall mc = event.getRPCMethodCall(); 118 if ( mc.getParameters().length == 0 ) { 119 return false; 120 } 121 String sessionId = (String) mc.getParameters()[0].getValue(); 122 if ( sessionId == null ) { 123 return false; 124 } 125 126 return true; 127 } 128 129 /** 130 * 131 * @return String 132 */ 133 private String getAddress() { 134 HttpSession session = ( (HttpServletRequest) getRequest() ).getSession( true ); 135 ViewContext vc = (ViewContext) session.getAttribute( Constants.CURRENTMAPCONTEXT ); 136 GeneralExtension ge = vc.getGeneral().getExtension(); 137 BaseURL baseUrl = ge.getAuthentificationSettings().getAuthentificationURL(); 138 return NetWorker.url2String( baseUrl.getOnlineResource() ); 139 } 140 141 /** 142 * peforms a logout by sending the sessionID contained in the event to the WAAS like service. 143 * The service answers with the id of the session that has been closed and the name of the user 144 * who is assigned to the session.<BR> 145 * A logout may fails if the passed sessionID is unkown or the session assigned to the ID has 146 * already been closed or is expired 147 * 148 * @param event 149 * @return name of the user assigned to the passed sessionId 150 * @throws Exception 151 */ 152 private String performLogout( RPCWebEvent event ) 153 throws Exception { 154 RPCMethodCall mc = event.getRPCMethodCall(); 155 String sessionId = (String) mc.getParameters()[0].getValue(); 156 StringBuffer sb = new StringBuffer( OWSUtils.validateHTTPGetBaseURL( getAddress() ) ); 157 sb.append( "service=WAS&request=DescribeUser&SESSIONID=" ).append( sessionId ); 158 URL url = new URL( sb.toString() ); 159 NetWorker nw = new NetWorker( CharsetUtils.getSystemCharset(), url ); 160 Reader reader = new InputStreamReader( nw.getInputStream() ); 161 Document doc = XMLTools.parse( reader ); 162 String user = XMLTools.getNodeAsString( doc, "/User/UserName", nsContext, null ); 163 if ( user == null ) { 164 throw new Exception( Messages.getMessage( "IGEO_STD_SEC_ERROR_GET_USERNAME", sessionId ) ); 165 } 166 167 sb = new StringBuffer( OWSUtils.validateHTTPGetBaseURL( getAddress() ) ); 168 sb.append( "service=WAS&request=CloseSession&SESSIONID=" ).append( sessionId ); 169 url = new URL( sb.toString() ); 170 171 nw = new NetWorker( CharsetUtils.getSystemCharset(), url ); 172 byte[] b = nw.getDataAsByteArr( 100 ); 173 if ( b != null ) { 174 String tmp = new String( b ); 175 if ( tmp.trim().length() > 0 ) { 176 throw new Exception( Messages.getMessage( "IGEO_STD_SEC_FAIL_LOGOUT", sessionId ) ); 177 } 178 } 179 180 return user; 181 } 182 183 }